Re: [cifs-discuss] CIFS authentication fails

Chidambaram Muthu Thu, 03 Dec 2009 01:24:40 -0800

Hi,


        The smbd is failing offenly. It would be great if could help me on this.

Dec  3 13:31:30 filera01 idmap[9513]: [ID 341341 daemon.debug] Looking for 
domains in forest...
Dec  3 13:31:30 filera01 idmap[9513]: [ID 632961 daemon.debug]     found 
sasken.com
Dec  3 13:31:30 filera01 idmap[9513]: [ID 767837 daemon.debug] unable to 
discover Trusted Domains
Dec  3 13:38:21 filera01 smbd[11763]: [ID 327665 daemon.debug] 
smbrdr_exchange[117]: failed (-1)
Dec  3 13:38:21 filera01 smbd[11763]: [ID 898164 daemon.debug] 
smbrdr_tree_connectx: UNEXPECTED_NETWORK_ERROR
Dec  3 13:38:21 filera01 smbd[11763]: [ID 622740 daemon.debug] 
smbrdr_tree_connect: \\chubdc01\IPC$ failed
Dec  3 13:38:21 filera01 smbd[11763]: [ID 361333 daemon.debug] smbrdr: no 
session available
Dec  3 13:38:21 filera01 smbd[11763]: [ID 529032 daemon.debug] 
smbrdr_session_init failed
Dec  3 13:38:21 filera01 smbd[11763]: [ID 385885 daemon.debug] 
smbrdr_negotiate: cannot access domain
Dec  3 13:38:21 filera01 smbd[11763]: [ID 266124 daemon.debug] 
smbrdr_auth_logon: negotiate failed


Thanks,
M.Chidambaram.

-----Original Message-----
From: Chidambaram Muthu
Sent: Thursday, November 26, 2009 9:42 AM
To: '[email protected]'
Cc: [email protected]
Subject: RE: [cifs-discuss] CIFS authentication fails

Hi,

After you restart the service do you know how long it takes to get to this 
stage again?

        After restart the service, it will not prompt for authentication 
immediatly it works with single sign on, no time delay.

        Following is the time taken to restart the service.
                r...@filera01:~# time svcadm restart smb/server

                real    0m0.160s
                user    0m0.010s
                sys     0m0.025s


How many domains and domain controllers do you have?

        Only one domain "sasken.com" and 3 domain controllers.

Can you provide a bit more detail about your environment and your CIFS usage 
pattern?

        We have around 5 CIFS servers, except the CIFS server (Filera01) 
everything works fine. I am not facing similar issue with other servers, they 
all are working perfect with snv122 Build version. Thats my wonder.

        This server is located in different site and its behind a firewall, i 
have revalvent ports between this server and the domain controller  UDP 88, 
TCP/UDP 389, TCP 445, UDP 464, TCP 3268. Time synchronization is taken care.

        Without doing any changes in the config, only on restart of smb service 
it comes to normal state.

        Any timeout or latency issue would cause such problem? What is 
acceptable response time from domain controller? If required to find out, 
please let me know to get this value?

        To have a workaround, is there a command to identify appearance of this 
situation, if so please let me know, so that i can write a script to trigger a 
mail and also to restart the smb/service. I tried the basic smbutil and smbstat 
but nothing declares the situation.

        I got some new log messages,

Nov 26 09:15:14 filera01 idmap[1766]: [ID 979816 daemon.debug] Querying DNS for 
SRV RRs named '_ldap._tcp.gc._msdcs' for 'sasken.com'
Nov 26 09:15:14 filera01 idmap[1766]: [ID 537588 daemon.debug] Found 
_ldap._tcp.gc._msdcs.sasken.com 600 IN SRV [0][100] dcasfz02.sasken.com:3268 
Nov 26 09:15:14 filera01 idmap[1766]: [ID 537588 daemon.debug] Found 
_ldap._tcp.gc._msdcs.sasken.com 600 IN SRV [0][100] chubdc01.sasken.com:3268 
Nov 26 09:15:14 filera01 idmap[1766]: [ID 537588 daemon.debug] Found 
_ldap._tcp.gc._msdcs.sasken.com 600 IN SRV [0][100] chubdc02.sasken.com:3268 
Nov 26 09:15:14 filera01 idmap[1766]: [ID 341341 daemon.debug] Looking for 
domains in forest...
Nov 26 09:15:14 filera01 idmap[1766]: [ID 632961 daemon.debug]     found 
sasken.com
Nov 26 09:15:14 filera01 idmap[1766]: [ID 767837 daemon.debug] unable to 
discover Trusted Domains Nov 26 09:23:41 filera01 smbd[7211]: [ID 327665 
daemon.debug] smbrdr_exchange[117]: failed (-1) Nov 26 09:23:41 filera01 
smbd[7211]: [ID 898164 daemon.debug] smbrdr_tree_connectx: 
UNEXPECTED_NETWORK_ERROR Nov 26 09:23:41 filera01 smbd[7211]: [ID 622740 
daemon.debug] smbrdr_tree_connect: \\chubdc02\IPC$ failed Nov 26 09:23:41 
filera01 smbd[7211]: [ID 135458 daemon.debug] smbrdr: trying port 445 Nov 26 
09:23:41 filera01 smbd[7211]: [ID 508689 daemon.debug] smbrdr: connected on 
port 445 Nov 26 09:23:41 filera01 smbd[7211]: [ID 434374 daemon.debug] smbrdr: 
connected port 445 Nov 26 09:23:41 filera01 smbd[7211]: [ID 895027 
daemon.debug] smbrdr: CHUBDC02: signing required Nov 26 09:23:41 filera01 
smbd[7211]: [ID 395423 daemon.debug] smbrdr_ntcreatex: 14 \srvsvc Nov 26 
09:23:41 filera01 smbd[7211]: [ID 528497 daemon.debug] SmbRdrNtCreate: 
fid=32777 Nov 26 09:23:41 filera01 smbd[7211]: [
 ID 702911 daemon.debug] RemoteTime from chubdc02: Thu Nov 26 09:23:40 2009 Nov 
26 09:23:41 filera01 smbd[7211]: [ID 702911 daemon.debug] NetRemoteTOD from 
chubdc02: NetRemoteTOD: 11/26/09 03:53:40 Nov 26 09:24:51 filera01 smbd[7211]: 
[ID 775558 daemon.debug] smb_door_srv_func: execute server routine(opcode=6)


Thanks,
M.Chidambaram.


-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, November 26, 2009 1:22 AM
To: Chidambaram Muthu
Cc: [email protected]
Subject: Re: [cifs-discuss] CIFS authentication fails

 > Nov 25 17:21:58 filera01 smbd[5859]: [ID 361333 daemon.debug] smbrdr: no  > 
 > session available

It's a bit strange that you are getting this message. There is a table of 
sessions between CIFS and domain controller and this message means that the 
table is full, the problem is that normally we only use 1 or
2 entries of this table.

After you restart the service do you know how long it takes to get to this 
stage again? Can you provide a bit more detail about your environment and your 
CIFS usage pattern? How many domains and domain controllers do you have?

Afshin

Chidambaram Muthu wrote:
>
> Hi,
>
>         I have configured a CIFS server with snv build 122 and is
> binded to AD. It works well, but sometimes when i try to access the
> CIFS share it prompts for authentication. On restart of smb/server
> service, it works well.With the log message i searching, i am not able
> get the relavant details.
>
>         I got the below log messages when authentication was not
> successfull:
>
> Nov 25 17:15:14 filera01 idmap[1766]: [ID 979816 daemon.debug]
> Querying DNS for SRV RRs named '_ldap._tcp.dc._msdcs' for 'sasken.com'
> Nov 25 17:15:14 filera01 idmap[1766]: [ID 537588 daemon.debug] Found
> _ldap._tcp.dc._msdcs.sasken.com 600 IN SRV [0][100]
> chubdc01.sasken.com:389 Nov 25 17:15:14 filera01 idmap[1766]: [ID
> 537588 daemon.debug] Found _ldap._tcp.dc._msdcs.sasken.com 600 IN SRV
> [0][100] chubdc02.sasken.com:389 Nov 25 17:15:14 filera01 idmap[1766]:
> [ID 537588 daemon.debug] Found _ldap._tcp.dc._msdcs.sasken.com 600 IN
> SRV [0][100] dcasfz02.sasken.com:389 Nov 25 17:15:14 filera01
> idmap[1766]: [ID 979816 daemon.debug] Querying DNS for SRV RRs named 
> '_ldap._tcp.FAC-A._sites.dc._msdcs' for 'sasken.com'
> Nov 25 17:15:14 filera01 idmap[1766]: [ID 537588 daemon.debug] Found
> _ldap._tcp.FAC-A._sites.dc._msdcs.sasken.com 600 IN SRV [0][100]
> DCA01.sasken.com:389
> Nov 25 17:15:14 filera01 idmap[1766]: [ID 979816 daemon.debug]
> Querying DNS for SRV RRs named '_ldap._tcp.FAC-A._sites.gc._msdcs' for 
> 'sasken.com'
> Nov 25 17:15:14 filera01 idmap[1766]: [ID 537588 daemon.debug] Found
> _ldap._tcp.FAC-A._sites.gc._msdcs.sasken.com 600 IN SRV [0][100]
> DCA01.sasken.com:3268
> Nov 25 17:15:14 filera01 idmap[1766]: [ID 979816 daemon.debug]
> Querying DNS for SRV RRs named '_ldap._tcp.gc._msdcs' for 'sasken.com'
> Nov 25 17:15:14 filera01 idmap[1766]: [ID 537588 daemon.debug] Found
> _ldap._tcp.gc._msdcs.sasken.com 600 IN SRV [0][100]
> chubdc02.sasken.com:3268 Nov 25 17:15:14 filera01 idmap[1766]: [ID
> 537588 daemon.debug] Found _ldap._tcp.gc._msdcs.sasken.com 600 IN SRV
> [0][100] dcasfz02.sasken.com:3268 Nov 25 17:15:14 filera01
> idmap[1766]: [ID 537588 daemon.debug] Found
> _ldap._tcp.gc._msdcs.sasken.com 600 IN SRV [0][100]
> chubdc01.sasken.com:3268 Nov 25 17:15:18 filera01 idmap[1766]: [ID 341341 
> daemon.debug] Looking for domains in forest...
> Nov 25 17:15:18 filera01 idmap[1766]: [ID 632961 daemon.debug]     found
> sasken.com
> Nov 25 17:15:18 filera01 idmap[1766]: [ID 767837 daemon.debug] unable
> to discover Trusted Domains *Nov 25 17:21:58 filera01 smbd[5859]: [ID
> 775558 daemon.debug]
> smb_door_srv_func: execute server routine(opcode=0) Nov 25 17:21:58
> filera01 smbd[5859]: [ID 361333 daemon.debug] smbrdr: no session
> available Nov 25 17:21:58 filera01 smbd[5859]: [ID 529032
> daemon.debug] smbrdr_session_init failed Nov 25 17:21:58 filera01
> smbd[5859]: [ID 385885 daemon.debug]
> smbrdr_negotiate: cannot access domain Nov 25 17:21:58 filera01
> smbd[5859]: [ID 266124 daemon.debug]
> smbrdr_auth_logon: negotiate failed
> *Nov 25 17:21:59 filera01 smbd[5859]: [ID 775558 daemon.debug]
> smb_door_srv_func: execute server routine(opcode=0) Nov 25 17:21:59
> filera01 smbd[5859]: [ID 361333 daemon.debug] smbrdr: no session
> available Nov 25 17:21:59 filera01 smbd[5859]: [ID 529032
> daemon.debug] smbrdr_session_init failed Nov 25 17:21:59 filera01
> smbd[5859]: [ID 385885 daemon.debug]
> smbrdr_negotiate: cannot access domain Nov 25 17:21:59 filera01
> smbd[5859]: [ID 266124 daemon.debug]
> smbrdr_auth_logon: negotiate failed
> Nov 25 17:21:59 filera01 smbd[5859]: [ID 775558 daemon.debug]
> smb_door_srv_func: execute server routine(opcode=0) Nov 25 17:21:59
> filera01 smbd[5859]: [ID 361333 daemon.debug] smbrdr: no session
> available Nov 25 17:21:59 filera01 smbd[5859]: [ID 529032
> daemon.debug] smbrdr_session_init failed Nov 25 17:21:59 filera01
> smbd[5859]: [ID 385885 daemon.debug]
> smbrdr_negotiate: cannot access domain Nov 25 17:21:59 filera01
> smbd[5859]: [ID 266124 daemon.debug]
> smbrdr_auth_logon: negotiate failed
> Nov 25 17:21:59 filera01 smbd[5859]: [ID 775558 daemon.debug]
> smb_door_srv_func: execute server routine(opcode=0) Nov 25 17:21:59
> filera01 smbd[5859]: [ID 361333 daemon.debug] smbrdr: no session
> available Nov 25 17:21:59 filera01 smbd[5859]: [ID 529032
> daemon.debug] smbrdr_session_init failed Nov 25 17:21:59 filera01
> smbd[5859]: [ID 385885 daemon.debug]
> smbrdr_negotiate: cannot access domain Nov 25 17:21:59 filera01
> smbd[5859]: [ID 266124 daemon.debug]
> smbrdr_auth_logon: negotiate failed
> Nov 25 17:21:59 filera01 smbd[5859]: [ID 775558 daemon.debug]
> smb_door_srv_func: execute server routine(opcode=0) Nov 25 17:21:59
> filera01 smbd[5859]: [ID 361333 daemon.debug] smbrdr: no session
> available Nov 25 17:21:59 filera01 smbd[5859]: [ID 529032
> daemon.debug] smbrdr_session_init failed Nov 25 17:21:59 filera01
> smbd[5859]: [ID 385885 daemon.debug]
> smbrdr_negotiate: cannot access domain Nov 25 17:21:59 filera01
> smbd[5859]: [ID 266124 daemon.debug]
> smbrdr_auth_logon: negotiate failed
> Nov 25 17:21:59 filera01 smbd[5859]: [ID 775558 daemon.debug]
> smb_door_srv_func: execute server routine(opcode=0) Nov 25 17:21:59
> filera01 smbd[5859]: [ID 361333 daemon.debug] smbrdr: no session
> available Nov 25 17:21:59 filera01 smbd[5859]: [ID 529032
> daemon.debug] smbrdr_session_init failed Nov 25 17:21:59 filera01
> smbd[5859]: [ID 385885 daemon.debug]
> smbrdr_negotiate: cannot access domain
>
>
>         _*Below log message after* *restart of smb/server service*.
> _
> Nov 24 23:54:59 filerz03 idmap[303]: [ID 979816 daemon.debug] Querying
> DNS for SRV RRs named '_ldap._tcp.dc._msdcs' for 'sasken.com'
> Nov 24 23:54:59 filerz03 idmap[303]: [ID 537588 daemon.debug] Found
> _ldap._tcp.dc._msdcs.sasken.com 600 IN SRV [0][100]
> chubdc01.sasken.com:389 Nov 24 23:54:59 filerz03 idmap[303]: [ID
> 537588 daemon.debug] Found _ldap._tcp.dc._msdcs.sasken.com 600 IN SRV
> [0][100] chubdc02.sasken.com:389 Nov 24 23:54:59 filerz03 idmap[303]:
> [ID 537588 daemon.debug] Found _ldap._tcp.dc._msdcs.sasken.com 600 IN
> SRV [0][100] dcasfz02.sasken.com:389 Nov 24 23:54:59 filerz03
> idmap[303]: [ID 979816 daemon.debug] Querying DNS for SRV RRs named
> '_ldap._tcp.sasken-blr._sites.dc._msdcs' for 'sasken.com'
> Nov 24 23:54:59 filerz03 idmap[303]: [ID 537588 daemon.debug] Found
> _ldap._tcp.sasken-blr._sites.dc._msdcs.sasken.com 600 IN SRV [0][100]
> chubdc01.sasken.com:389
> Nov 24 23:54:59 filerz03 idmap[303]: [ID 537588 daemon.debug] Found
> _ldap._tcp.sasken-blr._sites.dc._msdcs.sasken.com 600 IN SRV [0][100]
> chubdc02.sasken.com:389
> Nov 24 23:54:59 filerz03 idmap[303]: [ID 537588 daemon.debug] Found
> _ldap._tcp.sasken-blr._sites.dc._msdcs.sasken.com 600 IN SRV [0][100]
> dcasfz02.sasken.com:389
> Nov 24 23:54:59 filerz03 idmap[303]: [ID 979816 daemon.debug] Querying
> DNS for SRV RRs named '_ldap._tcp.sasken-blr._sites.gc._msdcs' for
> 'sasken.com'
> Nov 24 23:54:59 filerz03 idmap[303]: [ID 537588 daemon.debug] Found
> _ldap._tcp.sasken-blr._sites.gc._msdcs.sasken.com 600 IN SRV [0][100]
> chubdc01.sasken.com:3268
> Nov 24 23:54:59 filerz03 idmap[303]: [ID 537588 daemon.debug] Found
> _ldap._tcp.sasken-blr._sites.gc._msdcs.sasken.com 600 IN SRV [0][100]
> chubdc02.sasken.com:3268
> Nov 24 23:54:59 filerz03 idmap[303]: [ID 537588 daemon.debug] Found
> _ldap._tcp.sasken-blr._sites.gc._msdcs.sasken.com 600 IN SRV [0][100]
> dcasfz02.sasken.com:3268
> Nov 24 23:54:59 filerz03 idmap[303]: [ID 979816 daemon.debug] Querying
> DNS for SRV RRs named '_ldap._tcp.gc._msdcs' for 'sasken.com'
> Nov 24 23:54:59 filerz03 idmap[303]: [ID 537588 daemon.debug] Found
> _ldap._tcp.gc._msdcs.sasken.com 600 IN SRV [0][100]
> chubdc01.sasken.com:3268 Nov 24 23:54:59 filerz03 idmap[303]: [ID
> 537588 daemon.debug] Found _ldap._tcp.gc._msdcs.sasken.com 600 IN SRV
> [0][100] chubdc02.sasken.com:3268 Nov 24 23:54:59 filerz03 idmap[303]:
> [ID 537588 daemon.debug] Found _ldap._tcp.gc._msdcs.sasken.com 600 IN
> SRV [0][100] dcasfz02.sasken.com:3268 Nov 24 23:54:59 filerz03
> idmap[303]: [ID 341341 daemon.debug] Looking for domains in forest...
> Nov 24 23:54:59 filerz03 idmap[303]: [ID 632961 daemon.debug]     found
> sasken.com
> Nov 24 23:54:59 filerz03 idmap[303]: [ID 767837 daemon.debug] unable
> to discover Trusted Domains Nov 25 17:28:51 filera01 smbd[6813]: [ID
> 208731 daemon.debug] FILERA01<20> flags=0x1
> Nov 25 17:28:51 filera01 smbd[6813]: [ID 757673 daemon.debug]
> 10.125.147.200 ttl=600 flags=0x1
> Nov 25 17:28:51 filera01 smbd[6813]: [ID 208731 daemon.debug]
> FILERA01<00> flags=0x1
> Nov 25 17:28:51 filera01 smbd[6813]: [ID 757673 daemon.debug]
> 10.125.147.200 ttl=600 flags=0x1
> Nov 25 17:28:52 filera01 smbd[6813]: [ID 702911 daemon.debug]
> msdcsLookupADS: chubdc01.sasken.com [10.1.5.100] Nov 25 17:28:52
> filera01 smbd[6813]: [ID 135458 daemon.debug] smbrdr:
> trying port 445
> Nov 25 17:28:52 filera01 smbd[6813]: [ID 508689 daemon.debug] smbrdr:
> connected on port 445
> Nov 25 17:28:52 filera01 smbd[6813]: [ID 434374 daemon.debug] smbrdr:
> connected port 445
> Nov 25 17:28:52 filera01 smbd[6813]: [ID 895027 daemon.debug] smbrdr:
> CHUBDC01: signing required
> Nov 25 17:28:52 filera01 smbd[6813]: [ID 395423 daemon.debug]
> smbrdr_ntcreatex: 14 \lsarpc
> Nov 25 17:28:52 filera01 smbd[6813]: [ID 528497 daemon.debug]
> SmbRdrNtCreate: fid=16387
> Nov 25 17:28:52 filera01 smbd[6813]: [ID 395423 daemon.debug]
> smbrdr_ntcreatex: 14 \lsarpc
> Nov 25 17:28:52 filera01 smbd[6813]: [ID 528497 daemon.debug]
> SmbRdrNtCreate: fid=16390
> Nov 25 17:28:52 filera01 smbd[6813]: [ID 775558 daemon.debug]
> smb_door_srv_func: execute server routine(opcode=0) Nov 25 17:28:52
> filera01 last message repeated 1 time Nov 25 17:28:52 filera01
> smbd[6813]: [ID 395423 daemon.debug]
> smbrdr_ntcreatex: 14 \srvsvc
> Nov 25 17:28:52 filera01 smbd[6813]: [ID 528497 daemon.debug]
> SmbRdrNtCreate: fid=16391
> Nov 25 17:28:52 filera01 smbd[6813]: [ID 357086 daemon.debug] smbd:
> Master browser found at 10.125.147.19
>
>
> Thanks,
> M.Chidambaram.
>
> SASKEN BUSINESS DISCLAIMER
> -------------------------
> This message may contain confidential, proprietary or legally
> privileged information. In case you are not the original intended
> Recipient of the message, you must not, directly or indirectly, use,
> Disclose, distribute, print, or copy any part of this message and you
> are requested to delete it and inform the sender. Any views expressed
> in this message are those of the individual sender unless otherwise
> stated. Nothing contained in this message shall be construed as an
> offer or acceptance of any offer by Sasken Communication Technologies
> Limited ("Sasken") unless sent with that express intent and with due
> authority of Sasken. Sasken has taken enough precautions to prevent
> the spread of viruses. However the company accepts no liability for
> any damage caused by any virus transmitted by this email
>
>
> ----------------------------------------------------------------------
> --
>
> _______________________________________________
> cifs-discuss mailing list
> [email protected]
> http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
SASKEN BUSINESS DISCLAIMER
-------------------------
This message may contain confidential, proprietary or legally privileged 
information. In 
case you are not the original intended Recipient of the message, you must not, 
directly or 
indirectly, use, Disclose, distribute, print, or copy any part of this message 
and you are 
requested to delete it and inform the sender. Any views expressed in this 
message are 
those of the individual sender unless otherwise stated. Nothing contained in 
this message 
shall be construed as an offer or acceptance of any offer by Sasken 
Communication 
Technologies Limited ("Sasken") unless sent with that express intent and with 
due 
authority of Sasken. Sasken has taken enough precautions to prevent the spread 
of 
viruses. However the company accepts no liability for any damage caused by any 
virus 
transmitted by this email

_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss

Re: [cifs-discuss] CIFS authentication fails

Reply via email to